fw-daemon

Commit Graph

Author	SHA1	Message	Date
dma	6d6c3c26ff	move sgfw socks config location	9 years ago
dma	dafec55bc7	Fixed bug with prompt rule / saved rule mismatch on SOCKS connects	9 years ago
dma	5a755a04e8	Change path of oz socket	9 years ago
dma	7b5a0ed980	Bug fixes, cleanup, improvement	9 years ago
dma	d2ff760197	Patch up IPC	9 years ago
dma	f3f5414fd4	Support for TLSGuard in prompter	9 years ago
dma	ae8f6d96ba	Fix rule evaluation of outgoing connections emerging from sandbox proxy ports	9 years ago
dma	a89f8118bf	Fix rule parsing, still working on this	9 years ago
dma	6cdb400d32	Fix bugs related to parsing rules file and saving rules file	9 years ago
User	14e1f99b03	Loosen match on UDP socket lookup (still WIP)	9 years ago
shw	2e7b7debeb	Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections. Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect).	9 years ago
shw	27d0a4809d	Updated SOCKS5 connection lookup code now correctly identifies originating process. Includes code to read internal proxy state information from (updated) oz-daemon.	9 years ago
shw	acf62b63d1	Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.	9 years ago
shw	de4f6ac206	SOCKS/Tor credential randomization to force new circuits with each outbound connection.	9 years ago
shw	515c4eb3ee	Squashed (some) noisy debug output.	9 years ago
shw	0f2b2413ea	Added per-process (ephemeral) rule support. (proc coroner now has support for multiple callbacks)	9 years ago
shw	af874c7395	Added support for AAAA records to DNS cache for IPv6 addressing.	9 years ago
shw	8546f6c416	Working (but not intensively tested) IPv6 support!	9 years ago
shw	5f5042fed4	Very noisy, experimental support for asynchronous multi-rule firewall prompting. Fixed prompted rule removal bug in fw-prompt.	9 years ago
shw	c3635093fa	Introduced per-process DNS cache segregation for all A records not returned by local resolver. Cached DNS name lookups now failover to global cache only populated by local resolver. Added proc-coroner module for detecting process deaths. procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).	9 years ago
shw	51c181a881	Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation.	9 years ago
shw	ea31a28d3a	Added requisite Dbus code so that fw-settings automatically refreshes its rulelist on fw-daemon update. (there is an intermittent bug in here somewhere... seems to be a GTK-related fatal race condition)	9 years ago
shw	f47e23e706	Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API.	9 years ago
shw	fa70c06af2	CIDR subnet/mask matching support for firewall rules.	9 years ago
shw	1cd25ed699	Added simple regex-based hostname matching for firewall rules.	9 years ago
shw	0708f9127c	Proper logging of all connections denied by firewall. fw-daemon now also forces logging to syslog if launched from a terminal.	9 years ago
shw	e895f204a7	Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.	9 years ago
shw	b567e5ce54	oz-init pid mappings are now properly destroyed as these processes exit.	9 years ago
shw	a930fbbce0	Sandboxed process entries in GUI now include sandbox name/ID in display. Removed fatal error when a connection to oz-control socket cannot be established.	9 years ago
shw	ba35abfb46	Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.	9 years ago
shw	b4ed11261f	Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI. fw-prompt GUI gracefully displays unknown PIDs and UIDs. Fixed stupid syntax error bug in oz-init PID management code.	9 years ago
shw	7a1851419c	Added support for using fw-daemon on all processes system-wide. Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch. fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts. fw-daemon also checks for existing oz-init processes on startup. Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().	9 years ago
shw	30482bf15b	Support for wildcard ports in dynamic OZ/fw rules. Modified behavior for source interface-based rules to allow for fallthrough policies.	9 years ago
shw	e1a994169f	Added removeall IPC command for stripping all rules matching a source interface.	9 years ago
shw	670abc5232	Removed code for custom matching of firewall rules.	9 years ago
shw	9069c91606	Garbage dump commit of current progress.	9 years ago
shw	08266cca76	Support for handling network traffic that can't be uncovered with procsnitch.	9 years ago
shw	cadb859dce	Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection. fw-daemon prompter is now updated with source address of originating packet. Fixed bug in decoding DNS data. Packets are dropped properly (by marking and then calling Accept()).	9 years ago
shw	942b0a0c01	Bug fix.	9 years ago
shw	8fe02202de	Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.	9 years ago
shw	4955c6a66b	Added (unused) origin field in firewall gnome-shell UI. Added some instructions.	9 years ago
shw	1e84a6e168	Reincorporated socks5 code. Fixed small but critical bug in rules matching/IP comparison.	9 years ago
xSmurf	90bbc67517	Linting...	10 years ago
xSmurf	02155c44ed	Golint...	10 years ago
xSmurf	c5b8dcb660	Golint..	10 years ago
xSmurf	2e6f98e410	FMT...	10 years ago
xSmurf	5d4b38c5b4	Refactor...	10 years ago
xSmurf	4b632fb6f2	Moved fw-daemon to command/lib	10 years ago
xSmurf	9c8f5895ca	Moved all to sgfw	10 years ago

49 Commits (e2ed0b68e74302a68e77e06997ae9fbe39ba50bd)